Roy said, commenting on Peter's mail:
] >
] > Various digest proposals have been proposed as weak subsets of SHTTP..
] > APOP is an existing standard. ...
]
] for transfer of mail, yes. So? You still have to translate the APOP
] authentication to an HTTP syntax. All I am saying is that you might as
] well translate it into the Digest syntax, since there is zero chance
] of it being implemented in HTTP clients otherwise.
I'm waiting on the revised Digest I-D before forming an opinion on this
one. We don't implement what was in the old version of the I-D on
Digest, and so we wouldn't have a problem choosing either. If there are
lots of people implementing the old version, then we'd be swayed by the
difficulty of their changing, all other things being equal (like degree
of simplicity and level of security). But the ability to reuse
mechanism between our POP3 server and HTTP server (even after
translating to HTTP syntactical form) would be attractive.
Paul